Fixed bluedroid host memory overflow

zhiweijian@espressif.com
2022-07-06 15:56:05 +08:00
committed by zwj
parent d949df8dcb
commit 363b8b2973
2 changed files with 17 additions and 0 deletions


@ -583,6 +583,11 @@ tGATT_STATUS GATTS_HandleValueIndication (UINT16 conn_id, UINT16 attr_handle, U
return (tGATT_STATUS) GATT_INVALID_CONN_ID;
}
if ((GATT_CH_OPEN != gatt_get_ch_state(p_tcb)) || (p_tcb->payload_size == 0)) {
GATT_TRACE_ERROR("connection not established\n");
return GATT_WRONG_STATE;
}
if (! GATT_HANDLE_IS_VALID (attr_handle)) {
return GATT_ILLEGAL_PARAMETER;
}
@ -650,6 +655,11 @@ tGATT_STATUS GATTS_HandleValueNotification (UINT16 conn_id, UINT16 attr_handle,
return (tGATT_STATUS) GATT_INVALID_CONN_ID;
}
if ((GATT_CH_OPEN != gatt_get_ch_state(p_tcb)) || (p_tcb->payload_size == 0)) {
GATT_TRACE_ERROR("connection not established\n");
return GATT_WRONG_STATE;
}
if (GATT_HANDLE_IS_VALID (attr_handle)) {
notif.handle = attr_handle;
notif.len = val_len;
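Review bot: The guard added in GATTS_HandleValueIndication, and repeated in GATTS_HandleValueNotification, rejects only `p_tcb->payload_size == 0`, so a non-zero payload size smaller than the ATT header would still pass. If the overflow came from length arithmetic on payload_size (not visible in these lines), a lower bound at the minimum ATT MTU would close it more fully than the zero test. In the notification hunk `notif.len = val_len;` follows with no bound on val_len visible here, so confirm it is checked against the destination size before the copy that presumably follows outside the hunk. The same condition now appears three times in this commit; a small shared helper carrying a comment on why a zero payload size is unsafe would keep the copies from drifting. Both function bodies start and end outside the hunks.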


@ -2329,6 +2329,13 @@ void l2ble_update_att_acl_pkt_num(UINT8 type, tl2c_buff_param_t *param)
xSemaphoreGive(buff_semaphore);
break;
}
if ((GATT_CH_OPEN != gatt_get_ch_state(p_tcb)) || (p_tcb->payload_size == 0)) {
L2CAP_TRACE_ERROR("connection not established\n");
xSemaphoreGive(buff_semaphore);
break;
}
tL2C_LCB * p_lcb = l2cu_find_lcb_by_bd_addr (p_tcb->peer_bda, BT_TRANSPORT_LE);
if (p_lcb == NULL){
L2CAP_TRACE_ERROR("%s not found p_lcb", __func__);
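Review bot: The new early exit in l2ble_update_att_acl_pkt_num releases buff_semaphore without writing anything to param in the visible lines, so a caller blocked on the semaphore may be unable to tell this path from a completed update. Confirm that the caller initialises its result before waiting, or set a defined value before `xSemaphoreGive(buff_semaphore);`. The message also omits the function name that the neighbouring log carries; `L2CAP_TRACE_ERROR("%s connection not established", __func__);` would make the rejected call traceable. Each exit path has to repeat the semaphore release by hand, and a single exit label would make a missed release harder to introduce. The function body starts and continues outside the hunk.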